On Friday 12 May 2017, the WannaCry ransomware hit the world, affecting over 230,000 computers in over 150 countries, and is still growing.
Here is an excerpt from Wikipedia.
On 12 May 2017, WannaCry began affecting computers worldwide. The initial infection might have been either through a vulnerability in the network defenses or a very well-crafted spear phishing attack. When executed, the malware first checks the “kill switch” domain name. If it is not found, then the ransomware encrypts the computer’s data, then attempts to exploit the SMB vulnerability to spread out to random computers on the Internet, and “laterally” to computers on the same network.
As with other modern ransomware, the payload displays a message informing the user that files have been encrypted, and demands a payment of around $300 in bitcoin within three days or $600 within seven days.
Organizations that lacked Microsoft’s security patch to Windows were affected by the attack, although there is so far no evidence that any were specifically targeted by the ransomware developers. Initially, any organization still running the older Windows XP was at particularly high risk because no security patches had been released since April 2014 (with the exception of one emergency patch released in May 2014). However, after the outbreak, Microsoft released a security patch for Windows XP on 13 May 2017, the day after the attack launched.
Ken Collins of Quartz wrote on 12 May that three or more hardcoded bitcoin addresses, or “wallets”, are used to receive the payments of victims. As with all such wallets, their transactions and balances are publicly accessible even though the wallet owners remain unknown. To track the ransom payments in real time, a Twitterbot that watches each of the three wallets has been set up. As of 15 May 2017 at 7 PM, a total of 220 payments totaling $59,747.53 had been transferred.
This is my understanding of what happened.
Somebody stole the EternalBlue exploit and the DoublePulsar backdoor developed by the U.S. National Security Agency. These tools are supposed to provide a backdoor into computers. After stealing them, the hackers made the WannaCry ransomware and sent it across the world to hack computers and create havoc.
And Microsoft, the most responsible and honest company ever, released the security patch exactly two months before the cyber attack happened. Unfortunately, only the systems that did not install the patch were affected by the virus. Also, the affected computers are only past versions of Windows and not the latest ones. And yes, dare they touch iOS.
Microsoft teamed up with the NSA to create a tool that would provide a backdoor into old Microsoft systems. Then the NSA let a group of hackers take away the technology, which the hackers used to create the ransomware. To safeguard their own public image, Microsoft released a security patch 2 months before the attack so that the organisations would themselves feel guilty of not installing the patch. Now the ransomware is attacking not the new systems, not the iOS systems, but only those systems which are old and which Microsoft stopped supporting in 2014. Who benefits?
Yes, you are right. Microsoft.
The ransomware is specifically targeted at the very systems that made Bill Gates the richest man. Just imagine the number of computer systems with corporate licences on the old operating systems. They were refusing to upgrade to the latest OSes because they are comfortable with the previous systems and their software is compatible with the older systems. Upgrading would mean a hell of a lot of expenditure: new supporting hardware, new supporting software, new training, etc.
Apple is quiet because it does not affect them. The clientele is already Microsoft’s and will probably not switch to Apple for the next 10 years at least. Microsoft’s profits are falling and they have a very small market share in mobile phones. The market for new individual computers is a healthy competition between Apple and Microsoft. So the only place left for Microsoft to expand is the corporate clientele. Even if 5% of companies get scared and upgrade to new systems after this attack, Microsoft will have a party.
I’ll keep updating this post with more and more proof as the incident progresses.
Subscribe to my blog and share your views on this if you feel it makes sense.